Cryptr: a GUI for Hashicorp's Vault
Alternatives To Cryptr
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
3 months ago8apache-2.0HTML
Cryptr: a GUI for Hashicorp's Vault
6 days ago6lgpl-2.1PHP
Per-player GUI-based vaults plugin for PocketMine-MP
3 months ago16gpl-3.0Go
Yet another GUI app for gocryptfs.
5 years ago1Java
Minecraft - Spigot GUI Shop & Auction House | A simple but powerful GUI based shop and auction system. Players will be able to create their own chest based shops and offer their goods to the entire server. Players will no longer need to run around and search for good trades. With this plugin players will be able to find all they need in one place. Requires Vault and MySQL
Partition Safe2
6 years ago6mitC
The vault of the century!
Ansible Scale Gui2
3 years ago1mit
Ansible role for installing and configuring IBM Spectrum Scale (GPFS) Graphical User Interface (GUI)
Lightning Vault2
4 years agoC++
Lightning vault client side GUI program.
Alternatives To Cryptr
Select To Compare

Alternative Project Comparisons


Cryptr is a GUI for Hashicorp's Vault.

Using Cryptr, a user may manage secrets in their Vault instance: reading, creating, and modifying secrets with ease.

alt text

Download Binaries

The current release can be downloaded here.

Cryptr supports Windows, Linux and macOS. It has been tested on Windows 10, Ubuntu 17.04 Desktop, and macOS 10.15 Catalina.

On macOS, you may be warned about untrusted developers when you first attempt to launch Cryptr. To resolve this, open Finder, navigate to Applications, right-click on and click Open. You can then confirm you want to allow Cryptr to be opened.

For Linux, use the .AppImage files. They are self-contained binaries that run on every major linux distro. Just make it executable and run it. AppImage information here!

Install using Homebrew

Cryptr can be installed via Homebrew where Cryptr is available as a cask. Just type

brew cask install cryptr

Building from Source

You only need to do this if you want to contribute code, or run Cryptr in developer mode. (For Linux binaries, see above).

git clone
cd cryptr
npm install
npm run dev

Unique Features

In addition to the default feature-set of Vault, Cryptr adds some things that are "nice to have". Some of these include:

  • Files can be uploaded and downloaded directly to and from the filesystem. This includes both text and binary files.
  • A "share secret" features allows one user to send another user a time-limited self-destructing secret. This can be useful to send a secret to a friend without needing to change the receiving party's access in Vault.
  • Underscores in key names show as whitespace. ie. secret/My_cool_Secret shows up in the folder structure as My cool Secret
  • Secrets can be easily moved or renamed using a friendly UI.


Apache 2.0 License

Auth backends

Currently LDAP, UserPass and Token auth backends are accepted. Most others are not useful for a GUI, but if you feel otherwise, submit a pull request or open an issue.

Important Notes about Policies

Secret Discovery

Cryptr requires that policies associated with a token to be readable by that token. The purpose for this is to discover what secrets are available to the token. An example ACL for a policy found at sys/policy/demo would be as follows:

path "secret/mysecrets/*" {
  policy = "write"

path "sys/policy/demo" {
    policy = "read"

Only the permission to read is advised for the policy. NOTE: This policy addition is critical to discovering available secrets. Without this, there is no programatic way for Cryptr to know what secrets it can query to show the user. (Also, for that matter, there is no way for a human using the CLI to discover secrets, except for blindly attempting to list potential folders). As such, it is highly recommended to do this for all policies. All policies without this ability must necessarily be ignored by Cryptr.

Globs and Secret Discovery

Cryptr currently only supports glob characters at the folder level (ie. secret/*), and not as a suffix (ie. secret/group*). This is due to the lack of any ability to list based on a prefix. As noted here, list command outputs are not filtered by policy. You are welcome to add list permissions on the containing folder, but know that this is not recommended.

Popular Vault Projects
Popular Gui Projects
Popular Security Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Password Manager
Secret Management